Web services provide a way to expose some business functionality over the Internet using a standardized way of integrating Web-based applications using the extensible Markup Language (XML), Simple Object Access Protocol (SOAP), Web Services Description Language (WSDL) and Universal Discovery and Description Interface (UDDI) open standards over an Internet protocol backbone. XML is used to tag the data, SOAP is used to transfer the data, WSDL is used for describing the services available, and UDDI is used for listing what services are available. Used primarily as a means for businesses to communicate with each other and with clients, Web services allow organizations to communicate data without intimate knowledge of each other's IT systems behind the firewall.
Unlike traditional client/server models, such as a Web server/Web page system, Web services do not provide the user with a GUI. Web services instead share business logic, data, and processes through a programmatic interface across a network. Developers can then add the Web service to a GUI, such as a Web page or an executable program, to offer specific functionality to users.
Web services are not independent of Web applications. Web applications form the technology foundation and Web services provide the glue for interactions and integration. Web services allow different applications from different sources to communicate with each other without time-consuming custom coding, and because all communication is in XML, Web services are not tied to any one operating system or programming language. For example, Java can talk with Practical Extraction and Report Language (Perl), Windows applications can talk with UNIX applications.
In a Web service system, a client who calls for a function formats a request with SOAP XML encoding and sends it to the server over a mutually agreeable communication protocol such as HyperText Transfer Protocol (HTTP) or Simple Mail Transfer Protocol (SMTP). The server runs some sort of a listener that accepts the incoming SOAP calls, reads the information from the XML SOAP packets, and maps them to business logic processing application software on the server. The application layer on the server processes the request and returns output to the listener, which formats the output into a response packet in the SOAP XML encoding and returns it to the client.
Security is a primary consideration when choosing a Web service for all applications. Web services security requirements include authentication, authorization, and data protection.
Authentication ensures that each entity involved in using a Web service is what it actually claims to be. Authentication involves accepting credentials from the entity and validating them against an authority.
Authorization determines whether the service provider has granted access to the Web service to the requestor. Basically, authorization confirms the service requestor's credentials. It determines if the service requestor is entitled to perform the operation, which can range from invoking the Web service to executing a certain part of its functionality.
With regard to data protection, Web services have to abide by relevant data protection laws if the transaction is conducted in the jurisdiction. Many countries and international organizations, such as U.S; Finland, Sweden, Germany, as well as OECD, have promulgated personal data protection laws and regulations. The laws and regulations are not same in all aspects. This brings difficulties in deploying the Web service product in multiple jurisdictions.
What is desired is a Web service that supports multiple countries' and entities' data protection laws and regulations.